Overview

ISO/IEC 27001 is the best-known standard in the ISO/IEC 27000 family. It specifies the requirements for an information security management system (ISMS): a systematic, organization-wide approach to protecting sensitive information through people, processes and technology, so that its confidentiality, integrity and availability are maintained.

Key Features

  • Risk-Based Approach: Requires the organization to identify, assess and treat the information security risks specific to its own context, rather than applying a fixed checklist.
  • Continual Improvement: Requires the ISMS to be monitored, measured, internally audited and reviewed by management, and corrected where it falls short; this is commonly framed as a Plan-Do-Check-Act (PDCA) cycle.
  • Comprehensive Controls: The reference control set in Annex A spans technical, physical, organizational and people-related measures. The 2013 edition lists 114 controls across 14 domains; the 2022 edition consolidates these into 93 controls grouped under four themes (organizational, people, physical and technological). Organizations select the controls that apply to their risks and record the choice, with justification for any exclusion, in a Statement of Applicability.

Certification

Organizations can be formally audited and certified against ISO 27001 by an accredited certification body. Certification is granted for a defined scope, is typically valid for three years, and is maintained through annual surveillance audits followed by a recertification audit. A certificate provides customers and partners with independent assurance that an ISMS is in place and operating, but it attests to the management system rather than to the security of any particular product; when relying on a supplier's certificate, check that the certified scope actually covers the systems, sites and services you depend on.

Related Terms